SCONE Configuration and Attestation Service (CAS)
SCONE CAS manages the secrets - in particular, the keys - of an application. The application is in complete control of the secrets: only services given explicit permission by the application's policy get access to keys, encrypted data, encrypted code and policies.
Key generation. SCONE CAS can generate keys on behalf of an application. The generation is performed inside a trusted execution environment. Access to keys is governed by a security policy that the application controls. Neither root users nor SCONE CAS admins can access the keys or the security policies. So far, SCONE CAS runs inside SGX enclaves.
Isolation. Users can run their own instances of SCONE CAS, i.e., one can isolate the secrets of different users and the secrets of different applications.
Provisioning. Secure key and configuration provisioning without the need to change the source code of applications: secrets, keys, and configuration parameters are securely provisioned via command line arguments, environment variables, and transparently encrypted files.
Access control. To modify or read a policy, a client needs to prove, via TLS, that it knows the private key belonging to a public key specified in the policy. SCONE CAS grants - without any exception - only such clients access to this policy. The client's access to that private key is typically also controlled by a policy - possibly even the same policy. Note that only after a successful attestation will a client get access to its private keys.
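The two rules above (a policy can be changed only by whoever holds the owner's private key, and a secret is released only after a successful attestation) can be modelled in a few lines. The following is an added illustrative model written for this page, not SCONE's code or its policy format: the in-memory `CAS`, the `Policy` and `Quote` types, the use of an Ed25519 signature over a challenge in place of TLS client authentication, and a SHA-256 digest standing in for the enclave measurement are all assumptions made here for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Policy is a simplified model of a CAS policy: the public key whose holder may
// read or modify it, the enclave measurement it trusts, and the secrets it
// guards. Field names are assumptions for this example, not SCONE's format.
type Policy struct {
	Name               string
	OwnerPub           ed25519.PublicKey
	TrustedMeasurement [32]byte
	Secrets            map[string][]byte
}

// Quote models the attestation evidence a client enclave presents. A real SGX
// quote is signed by the platform; here we only carry the code measurement and
// the freshness nonce CAS issued (constructed for the example).
type Quote struct {
	Measurement [32]byte
	Nonce       []byte
}

// CAS is an in-memory policy store standing in for the service.
type CAS struct {
	policies map[string]*Policy
}

func NewCAS() *CAS { return &CAS{policies: map[string]*Policy{}} }

// NewChallenge issues a fresh random value for a proof of possession or a quote.
func (c *CAS) NewChallenge() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// CreatePolicy registers a policy; the public key it carries becomes its owner.
func (c *CAS) CreatePolicy(p *Policy) error {
	if _, exists := c.policies[p.Name]; exists {
		return errors.New("policy already exists")
	}
	c.policies[p.Name] = p
	return nil
}

// UpdatePolicy models the TLS client-authentication rule: the caller must sign
// the challenge with the private key matching the policy's owner public key.
// Nobody else, including whoever operates CAS, can change the policy.
func (c *CAS) UpdatePolicy(name string, challenge, sig []byte, m [32]byte) error {
	p, ok := c.policies[name]
	if !ok {
		return errors.New("no such policy")
	}
	if !ed25519.Verify(p.OwnerPub, challenge, sig) {
		return errors.New("access denied: caller does not hold the owner key")
	}
	p.TrustedMeasurement = m
	return nil
}

// GetSecret releases a secret only to an enclave whose quote is fresh and
// carries exactly the measurement the policy trusts.
func (c *CAS) GetSecret(name, key string, q Quote, issuedNonce []byte) ([]byte, error) {
	p, ok := c.policies[name]
	if !ok {
		return nil, errors.New("no such policy")
	}
	if !bytes.Equal(q.Nonce, issuedNonce) {
		return nil, errors.New("attestation failed: stale or replayed quote")
	}
	if q.Measurement != p.TrustedMeasurement {
		return nil, errors.New("attestation failed: untrusted enclave measurement")
	}
	s, ok := p.Secrets[key]
	if !ok {
		return nil, errors.New("no such secret")
	}
	return s, nil
}

// Measure stands in for the enclave measurement of a binary (constructed).
func Measure(code []byte) [32]byte { return sha256.Sum256(code) }

func main() {
	cas := NewCAS()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := Measure([]byte("app-v1"))
	_ = cas.CreatePolicy(&Policy{Name: "app", OwnerPub: pub, TrustedMeasurement: trusted,
		Secrets: map[string][]byte{"db-key": []byte("constructed-secret")}})

	// An unknown build is refused; the trusted one receives the key.
	nonce := cas.NewChallenge()
	_, err := cas.GetSecret("app", "db-key", Quote{Measurement: Measure([]byte("app-v2")), Nonce: nonce}, nonce)
	fmt.Println("v2:", err)
	s, _ := cas.GetSecret("app", "db-key", Quote{Measurement: trusted, Nonce: nonce}, nonce)
	fmt.Println("v1:", string(s))

	// Only the owner can roll the trusted measurement forward to a new build.
	ch := cas.NewChallenge()
	fmt.Println("owner update:", cas.UpdatePolicy("app", ch, ed25519.Sign(priv, ch), Measure([]byte("app-v2"))))
}
```

The point of the model is the separation of the two checks: the operator of the store never needs the owner key, so it cannot alter the policy, and a caller that holds the owner key still gets no secret unless its enclave measurement matches and its quote is bound to the nonce the service issued.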
Management. The management of SCONE CAS can be delegated to a third party. The confidentiality and integrity of the policies and their secrets are ensured by CAS itself. Since the entity creating a policy has complete control over who can read or modify this policy, no admin managing SCONE CAS can overwrite the application's access control to a policy.
SCONE CAS supports peer-to-peer based attestation of services operated by mutually distrusting peers.